Splunk® App for Fraud Analytics

User Guide

Macros in Splunk App for Fraud Analytics

Splunk App for Fraud Analytics includes the following preconfigured macros. Use these macros instead of editing data models, dashboards and searches.

| Name | Description |
| --- | --- |
| Fraud_webindexes__fraud_web | Data sources for the fraud_web data model. |
| datasources__fraud_account | Data sources for the fraud_account data model. |
| AF__app | System name of the parent app (Splunk Enterprise Security). Used to generate a link within notable events to the investigation dashboard. |
| AF__dash__customer_accounts | System name of the Customer Account Analysis dashboard. Used to generate a link within notable events to the investigation dashboard. |
| AF__dash__risk_exposure | System name of the Risk Exposure dashboard. Used to generate a link within notable events to the investigation dashboard. |
| AF__dash__web_traffic | System name of the Web Traffic Analysis dashboard. Used to generate a link within notable events to the investigation dashboard. |
| high_value_accounts | List of VIP accounts. |
| anon_get_numeric_id(2) | Generates an anonymized numeric ID. |
| datasources__fraud_account | Lists index(es) for the new account fraud data model: fraud_account. |
| high_value_accounts | Lists special high-value accounts that might require extra attention. |
| indexes__fraud_web | index IN ("firstfederal", "web_traffic") Lists index(es) for the fraud data model: fraud_web. |
| infields | Lists some internal Splunk fields. |
| random_in_range(2) | Generates a random number within a specified range. |

Last modified on 29 July, 2024

This documentation applies to the following versions of Splunk® App for Fraud Analytics: 1.1.3, 1.2.4

